• Home
  • Releases
  • Submit Vuln
  • Press
  • About
  • PGP
  • Contact
    • Contact
    • Submit Vuln
    • VDP
  • Tutorials
    • All Posts
    • Photoshop on Linux
    • macOS on Linux
  • Supporters
  • Projects
Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!
  • Home
  • Releases
  • Submit Vuln
  • Press
  • About
  • PGP
  • Contact
    • Contact
    • Submit Vuln
    • VDP
  • Tutorials
    • All Posts
    • Photoshop on Linux
    • macOS on Linux
  • Supporters
  • Projects
No Result
View All Result
Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!
  • Home
  • Releases
  • Submit Vuln
  • Press
  • About
  • PGP
  • Contact
    • Contact
    • Submit Vuln
    • VDP
  • Tutorials
    • All Posts
    • Photoshop on Linux
    • macOS on Linux
  • Supporters
  • Projects
No Result
View All Result
Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!
No Result
View All Result
Home Security

Sick Codes @ DEF CON 29 August 5-8 2021!

by Sick Codes
June 29, 2021 - Updated on August 7, 2021
in Security
0
Defcon 2021 Sickcodes Live August 5-8th

Defcon 2021 Sickcodes Live August 5-8th

Pleased to announce we will be speaking at two talks this year at DEF CON 29 conference in Las Vegas, which will be a hybrid virtual and in-person event.

You can purchase tickets at: https://defcon.org/ and https://shop.defcon.org/

Add to Calendar links:

Calendar invite 20210806-def-con-rotten-code-aging-standards-1Download

Calendar invite 20210808-def-con-the-agricultural-data-arms-race.icsDownload

The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain.

Link to talk: https://defcon.org/html/defcon-29/dc-29-speakers.html#sick

Sick Codes

How I hacked the entire American Food Supply Chain over the course of 3 months, assembled a team of hacker strangers, and how we used a “full house” of exploits on almost every aspect of the agriculture industry. See the process in which it happened, the private exploits we used, the vectors we attacked from, and how it could happen again, or be happening right now.

How the ongoing analytics arms race affects everyone, and how Tractor companies have metastasized into Tech companies, with little to no cyber defenses in place. Learn how farms are not like they used to be; telemetry, crop & yield analytics, and more telemetry.

Rotten code, aging standards, & pwning IPv4 parsing across nearly every mainstream programming language

Link to talk: https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis

Kelly Kaoudis

Sick Codes Hacker

Openness to responsibly disclosed external vulnerability research is crucial for modern software maintainers and security teams. Changes in upstream dependency code may have pulled the safety rug out from underneath widely trusted core libraries, leaving millions of services vulnerable to unsophisticated attacks. The impact of even a single reasonably well-distributed supply-chain security vulnerability will be felt by engineering teams across many applications, companies, and industries.

We’d like to discuss an IP address parsing vulnerability first discovered in private-ip, a small and infrequently maintained yet critically important NodeJS package for determining if an IP address should be considered part of a private range or not. We’ll talk about not only the implications of this CVE but taking the main idea and applying it across multiple programming languages in uniquely disturbing ways.

Sometimes, the effects of code rot are even more far-reaching than we could possibly expect, and if you pull on a thread, it just keeps going. Sometimes, you get lucky when you know exactly what you’re looking for. Sometimes, it’s hard to convince other technically-minded folks that a seemingly trivial implementation flaw is dangerous in capable hands.

This talk is beginner as well as advanced-friendly; we’ll show you the basics a hacker or a programmer needs to know about IP address parsing and how to tell your octal from your decimal along the way.

Defcon 2021 Sickcodes Live August 5-8th
Defcon 2021 Sickcodes Live August 5-8th
Next Post
Run Android on Docker - Dock Droid Docker Android Image

[RELEASE] Android Docker Container - Dock Droid - Run QEMU Android in a Docker! X11 Forwarding! CI/CD for Android x86 in Docker!

CVE-2021-29922 – rust standard library “net” – Improper Input Validation of octal literals in rust 1.52.0 std::net and below results in indeterminate SSRF & RFI vulnerabilities.

CVE-2021-29922 - rust standard library "net" - Improper Input Validation of octal literals in rust 1.52.0 std::net and below results in indeterminate SSRF & RFI vulnerabilities.

CVE-2021-29923 – golang standard library “net” – Improper Input Validation of octal literals in golang 1.16.2 and below standard library “net” results in indeterminate SSRF & RFI vulnerabilities.

CVE-2021-29923 - golang standard library "net" - Improper Input Validation of octal literals in golang 1.16.2 and below standard library "net" results in indeterminate SSRF & RFI vulnerabilities.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

No Result
View All Result
  • Home
  • Releases
  • Submit Vuln
  • Press
  • About
  • PGP
  • Contact
    • Contact
    • Submit Vuln
    • VDP
  • Tutorials
    • All Posts
    • Photoshop on Linux
    • macOS on Linux
  • Supporters
  • Projects

© 2017-2021 Sick.Codes

@sickcodes

@sickcodes

@sickcodes

Discord Server

sickcodes.slack.com

t.me/sickcodeschat

./contact_form